A Chinese state-sponsored actor, “UNC5147”, has been using open source tools to attack its victims. The attacker has been using a new command and control (C2) tool, the “Vshell”, in its campaign since January, as well as a variant of “Snowlight” malware. Threat actors are beginning to use open source tools in their attacks more frequently, taking advantage of their cost effectiveness. UNC5147 is believed to be a contractor working for the Chinese government and targeting Western countries including the US, UK, and Canada. 

Read more: https://www.darkreading.com/cyberattacks-data-breaches/china-threat-actor-unc5174-open-source-stealthy-attacks